From 4df3e40e3456110359d37b001eef1e152a294358 Mon Sep 17 00:00:00 2001 From: bernhard Date: Thu, 23 Jan 2025 16:02:19 +0100 Subject: [PATCH 1/4] Issue #4088: Consider DockerVersionRequired when running under Docker --- bin/otobo.CheckModules.pl | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/bin/otobo.CheckModules.pl b/bin/otobo.CheckModules.pl index a6c475e02d..0943ba0921 100755 --- a/bin/otobo.CheckModules.pl +++ b/bin/otobo.CheckModules.pl @@ -1396,7 +1396,8 @@ =head1 DESCRIPTION if ($DoPrintAllModules) { MODULE: for my $Module (@NeededModules) { - next MODULE if !$Module->{Features}; + next MODULE unless $Module->{Features}; + for my $Feature ( @{ $Module->{Features} } ) { $Features{$Feature}++; } @@ -1477,7 +1478,7 @@ =head1 DESCRIPTION sub Check { my ( $Module, $Depends, $NoColors ) = @_; - print " " x ( $Depends + 1 ); + print ' ' x ( $Depends + 1 ); print "o $Module->{Module}"; my $Length = 33 - ( length( $Module->{Module} ) + ( $Depends * 2 ) ); print '.' x $Length; @@ -1516,17 +1517,23 @@ sub Check { } } - if ( $Module->{VersionRequired} ) { + # There might be a version requirement + my $VersionRequired = $ENV{OTOBO_RUNS_UNDER_DOCKER} + ? + ( $Module->{DockerVersionRequired} // $Module->{VersionRequired} ) + : + $Module->{VersionRequired}; + if ($VersionRequired) { # Check the required version range. # The version range is given in META.json, or cpanfile, style. # E.g. '4.0, != 4.043, < 5.000' my $Requirements = CPAN::Meta::Requirements->new; - $Requirements->add_string_requirement( $Module->{Module} => $Module->{VersionRequired} ); + $Requirements->add_string_requirement( $Module->{Module} => $VersionRequired ); my $IsAccepted = $Requirements->accepts_module( $Module->{Module} => $Version ); if ( !$IsAccepted ) { - $ErrorMessage .= "Version $Version installed but $Module->{VersionRequired} is required! "; + $ErrorMessage .= "Version $Version installed but $VersionRequired is required! "; if ( $Module->{VersionComments} ) { $ErrorMessage .= join "\n", '', $Module->{VersionComments}->@*; } From 5768b541d5932ef2f41e5ac7f0b756357bc8f5e0 Mon Sep 17 00:00:00 2001 From: bernhard Date: Wed, 22 Jan 2025 14:53:18 +0100 Subject: [PATCH 2/4] Issue #4081: test case with '>' in CSS This is actually unwanted behavior as the encoding breaks the CSS. --- scripts/test/HTMLUtils/Safety.t | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/scripts/test/HTMLUtils/Safety.t b/scripts/test/HTMLUtils/Safety.t index 85f6dd281a..d90b985743 100644 --- a/scripts/test/HTMLUtils/Safety.t +++ b/scripts/test/HTMLUtils/Safety.t @@ -1438,4 +1438,32 @@ for my $Test (@TestsWithSpecialChars) { }; } +# A test case where the child combinator is used in CSS +{ + my $String = <<'END_HTML'; + + + A Meaningful Page Title + + + +

gold + 

greater: >
+ + +END_HTML + my %Result = $HTMLUtilsObject->Safety( + String => $String, + ); + + # all '>' in text elements are replaced by '>' + my $ExpectedScrubbedString = ( $String =~ s/div > p/div > p/r ) =~ s/greater: >/greater: >/r; + is( $Result{String}, $ExpectedScrubbedString, 'greater sign encoded' ); +} + done_testing; From 8a3c76e9eb13b3bfaac5497795d000f2f4174848 Mon Sep 17 00:00:00 2001 From: bernhard Date: Thu, 23 Jan 2025 15:40:45 +0100 Subject: [PATCH 3/4] Issue #4081: do not encode '>' within style tags because '>' is needed as the child combinator in CSS --- Kernel/cpan-lib/HTML/Scrubber.pm | 15 +++++++++++++-- scripts/test/HTMLUtils/Safety.t | 20 +++++++++++--------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/Kernel/cpan-lib/HTML/Scrubber.pm b/Kernel/cpan-lib/HTML/Scrubber.pm index 96b2538cf2..def6b7697d 100644 --- a/Kernel/cpan-lib/HTML/Scrubber.pm +++ b/Kernel/cpan-lib/HTML/Scrubber.pm @@ -126,6 +126,7 @@ sub new { _style => 0, _preempt => 0, _ignore_empty_end => 0, + _last_start_tag => '', }; $p->{"\0_s"} = bless $self, $package; @@ -495,6 +496,10 @@ sub _scrub_str { my $outstr = ''; if ( $e eq 'start' ) { + + # remember the last start tag in order to allow special handling based on the current tag + $s->{_last_start_tag} = $t; + if ( exists $s->{_rules}->{$t} ) # is there a specific rule { if ( ref $s->{_rules}->{$t} ) # is it complicated?(not simple;) @@ -547,8 +552,14 @@ sub _scrub_str { $outstr .= $text if $s->{_process}; } elsif ( $e eq 'text' or $e eq 'default' ) { - $text =~ s//>/g; + # See https://rt.cpan.org/Public/Bug/Display.html?id=2991 + $text =~ s/'. + # Replacing '>' with '>:' breaks CSS which uses the child compbinator + if ( $s->{_last_start_tag} ne 'style' ) { + $text =~ s/>/>/g; # see https://rt.cpan.org/Public/Bug/Display.html?id=2991 + } $outstr .= $text; } diff --git a/scripts/test/HTMLUtils/Safety.t b/scripts/test/HTMLUtils/Safety.t index d90b985743..453031498a 100644 --- a/scripts/test/HTMLUtils/Safety.t +++ b/scripts/test/HTMLUtils/Safety.t @@ -26,6 +26,7 @@ use Test2::V0; # OTOBO modules use Kernel::System::UnitTest::RegisterOM; # set up $Kernel::OM +use Kernel::System::UnitTest::Diff qw(TextEqOrDiff); # get HTMLUtils object my $HTMLUtilsObject = $Kernel::OM->Get('Kernel::System::HTMLUtils'); @@ -662,17 +663,17 @@ END_INPUT Result => { Output => <<'END_OUTPUT', @@ -933,7 +934,7 @@ for my $Test (@TestsWithDefaultConfig) { else { ok( !$Result{Replace}, 'not replaced', ); } - is( $Result{String}, $Test->{Result}->{Output}, 'output' ); + TextEqOrDiff( $Result{String}, $Test->{Result}->{Output}, 'output' ); }; } @@ -1166,7 +1167,7 @@ You should be able to continue reading these lessons, however. Line => __LINE__, }, { - Name => 'stype with remote background image protocol-relative URL, NoExtSrcLoad', + Name => 'style with remote background image protocol-relative URL, NoExtSrcLoad', Input => 'localhost', Config => { NoExtSrcLoad => 1, @@ -1334,7 +1335,7 @@ for my $Test (@TestsWithExplicitConfig) { else { ok( !$Result{Replace}, 'not replaced', ); } - is( $Result{String}, $Test->{Result}->{Output}, 'output' ); + TextEqOrDiff( $Result{String}, $Test->{Result}->{Output}, 'output' ); }; } @@ -1461,9 +1462,10 @@ END_HTML String => $String, ); - # all '>' in text elements are replaced by '>' - my $ExpectedScrubbedString = ( $String =~ s/div > p/div > p/r ) =~ s/greater: >/greater: >/r; - is( $Result{String}, $ExpectedScrubbedString, 'greater sign encoded' ); + # all '>' in text content, except style, are replaced by '>' + my $ExpectedScrubbedString = $String =~ s/greater: >/greater: >/r; + + TextEqOrDiff( $Result{String}, $ExpectedScrubbedString, 'greater sign encoded' ); } done_testing; From fe5fc8c8556b9449a1bb3fceed91d66e94eca0f7 Mon Sep 17 00:00:00 2001 From: bernhard Date: Wed, 22 Jan 2025 16:36:51 +0100 Subject: [PATCH 4/4] Issue #4081: fix spelling in code comment --- Kernel/System/HTMLUtils.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Kernel/System/HTMLUtils.pm b/Kernel/System/HTMLUtils.pm index cb0caed2b7..7dacecde92 100644 --- a/Kernel/System/HTMLUtils.pm +++ b/Kernel/System/HTMLUtils.pm @@ -1278,7 +1278,7 @@ sub Safety { ], ); - # for some reason stype and script are not handled by new() + # for some reason the tags 'style' and 'script' are not handled by new() $Scrubber->style(1); # style tags should not be filtered by HTML::Parser $Scrubber->script( $Param{NoJavaScript} ? 0 : 1 ); # let HTML::Parser filter script tags